refine docs about NLB #2780
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: M00nF1sh The full list of commands accepted by this bot can be found here. The pull request process is described here
docs/guide/service/nlb.md
Outdated
``` | ||
By default, Kubernetes Service resources of type `LoadBalancer` was reconciled by the Kubernetes controller built into the CloudProvider component of the kube-controller-manager or the cloud-controller-manager(a.k.a. the in-tree controller). | ||
|
||
In order to let AWS Load Balancer Controller manage the reconciliation for Kubernetes Services resources of type `LoadBalancer`, we must offloading the reconciliation from in-tree controller to AWS Load Balancer Controller explicitly. |
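Review bot: The two added paragraphs name the same object differently: "Kubernetes Service resources" in the first sentence and "Kubernetes Services resources" in the second. Use the singular "Service resources" in both so the term matches the API kind and stays searchable across the guide.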
Let's use "you need to offload" instead of "we must offloading"
docs/guide/service/nlb.md
Outdated
service.beta.kubernetes.io/aws-load-balancer-type: "external" | ||
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance" | ||
``` | ||
By default, Kubernetes Service resources of type `LoadBalancer` was reconciled by the Kubernetes controller built into the CloudProvider component of the kube-controller-manager or the cloud-controller-manager(a.k.a. the in-tree controller). |
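Review bot: In the sentence following the annotation example, "cloud-controller-manager(a.k.a. the in-tree controller)" is missing a space before the parenthesis, and in that position the aside reads as if only the cloud-controller-manager is the in-tree controller. Suggest moving the aside next to "the Kubernetes controller built into the CloudProvider component", which is the thing it names.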
"gets reconciled" instead of "was reconciled"
+1
|
||
`LoadBalancerClass` feature provides a CloudProvider agnostic way of offloading the reconciliation for Kubernetes Services resources of type `LoadBalancer` to an external controller. | ||
|
||
When you specify the `spec.loadBalancerClass` to be `service.k8s.aws/nlb` on a Kubernetes Service resource of type `LoadBalancer`, the AWS Load Balancer Controller takes charge of reconciliation by provision an NLB. |
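Review bot: The `LoadBalancerClass` paragraph does not say which Kubernetes versions support `spec.loadBalancerClass`, so a reader cannot tell whether this path is available on their cluster. Add the minimum version or a link to the upstream Service documentation. The opening sentence also needs an article ("The `LoadBalancerClass` feature provides ...").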
"by provisioning an NLB" instead of "by provision an NLB"
:D
docs/guide/service/annotations.md
Outdated
@@ -80,7 +80,7 @@ Traffic Routing can be controlled with following annotations: | |||
|
|||
- <a name="nlb-target-type">`service.beta.kubernetes.io/aws-load-balancer-nlb-target-type`</a> specifies the target type to configure for NLB. You can choose between | |||
`instance` and `ip`. | |||
- `instance` mode will route traffic to all EC2 instances within cluster on the [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) opened for your service. | |||
- `instance` mode will route traffic to all EC2 instances within cluster on the [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) opened for your service. In this mode, AWS NLB sends traffic to the instances and the kube-proxy on the individual worker nodes then forward it to the Kubernetes pods behind the service. |
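Review bot: In the rewritten `instance` bullet, "the kube-proxy on the individual worker nodes then forward it" has a subject-verb mismatch ("forwards"), and "within cluster" needs an article ("within the cluster"). The added sentence also repeats "sends traffic to the instances" from the sentence before it, so it can be cut down to the kube-proxy part.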
Second sentence contains some redundant info. Let's say something like:
The kube-proxy on the individual worker nodes sets up the forwarding of the traffic from the NodePort to the pods behind the service.
:D sounds good
docs/guide/service/nlb.md
Outdated
When you specify the `spec.loadBalancerClass` to be `service.k8s.aws/nlb` on a Kubernetes Service resource of type `LoadBalancer`, the AWS Load Balancer Controller takes charge of reconciliation by provision an NLB. | ||
|
||
!!! warning | ||
- It's not recommended to modify or add the `spec.loadBalancerClass` on an existing Service resource. Instead, delete the existing Service resource and recreate a new one if a change is desired. |
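Review bot: The warning calls changing `spec.loadBalancerClass` on an existing Service "not recommended" but gives no reason or consequence, and the suggested delete and recreate path does not say what happens to the load balancer already provisioned for that Service. State the effect of both so operators can plan the change. "recreate a new one" can simply be "create a new one".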
`spec.loadBalancerClass` field is immutable. Users will not run into this situation.
thanks for pointing this out
docs/guide/service/nlb.md
Outdated
## Security group | ||
NLB does not currently support managed security groups. For ingress access, the controller adds inbound rules to the node security group for the instance mode, or the ENI security group for the IP mode. In case of multiple | ||
security groups, the controller expects only one security group tagged with the cluster name as follows: | ||
AWS currently does not support attach security groups to NLB. To allow inbound traffic from NLB, the controller automatically adds inbound rules to worker node security groups by default. |
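Review bot: The last sentence of this section covers only worker node security groups, while the text above it distinguishes the node security group for instance mode from the ENI security group for IP mode and states the expectation of a single security group tagged with the cluster name. If those details still hold, keep them in the new wording. "by default" also implies an opt-out that the sentence does not name, and the ports and source ranges of the added inbound rules are not described, which is what an operator reviewing node exposure needs to know.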
"does not support attaching security groups" or "does not support security groups"
I prefer "does not support attaching security groups" to be more specific
docs/guide/service/nlb.md
Outdated
## Security group | ||
NLB does not currently support managed security groups. For ingress access, the controller adds inbound rules to the node security group for the instance mode, or the ENI security group for the IP mode. In case of multiple | ||
security groups, the controller expects only one security group tagged with the cluster name as follows: | ||
AWS currently does not support attach security groups to NLB. To allow inbound traffic from NLB, the controller automatically adds inbound rules to worker node security groups by default. |
adds inbound rules to the worker node security groups by default
+1
/lgtm
* refine NLB docs * address comment
Issue
N/A
Description
refine docs about NLB, mainly `service.beta.kubernetes.io/aws-load-balancer-type` annotation.